fastweb.it - see bug description

webcompat-bot commented 8 years ago

URL: https://fastweb.it/myfastpage/accesso/ Browser / Version: Firefox 38.0 Operating System: Windows 7 Problem type: Something else - I'll add details below

Steps to Reproduce 1) Navigate to: https://fastweb.it/myfastpage/accesso/ 2) If you check server SSL you will find Vulnerability (https://www.ssllabs.com/ssltest/analyze.html?d=fastweb.it&latest) - ( https://www.ssllabs.com/ssltest/analyze.html?d=fastweb.it&s=62.101.76.205&latest )

3) Also in the top right there is Mail link who open a mail login page. This should be on SSL and is not in SSL. ( http://www.fastweb.it/servizi/fastmail/?header-portale=link-mail&from=home ) NO SSL PROTECTION.

Expected Behavior:

1 - 2) Server should be a B or A grade Secure no vulnerabilities

3) Mail should be under SSL

4) My Voice Home should be SSL protected (this is accessible only from customer panel )

Actual Behavior:

If you scan the website (https://www.ssllabs.com/ssltest/analyze.html?d=fastweb.it&latest) - ( https://www.ssllabs.com/ssltest/analyze.html?d=fastweb.it&s=62.101.76.205&latest ) you can see server is PODDLE ATTACK vulnerable: This server is vulnerable to the POODLE attack against TLS servers. Patching required. Grade set to F.
Server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F

3) Also in the top right there is Mail link who open a mail login page. This should be on SSL and is not in SSL. ( http://www.fastweb.it/servizi/fastmail/?header-portale=link-mail&from=home ) NO SSL PROTECTION.

4) Also is necessary says to Fastweb also Voice Home services should be over SSL in the customers panel (this is not accessible to non customers)